Shortened URLs remain a key strategy of spammers, prompting an overhaul of shortened URL services on the Internet.
Cligs, one of the most popular URL shortening services used on Twitter, recently upgraded its spam and malware checks following issues with spam. The new system uses public lists to check each newly-created URL to ensure the IP address of the requester or the desination URL has not been black-listed.
"Shortened URLs are being seen continuously in spam," said MessageLabs Intelligence Senior Analyst, Paul Wood. "And at the same time, shortened URL sites are being forced out of business as they get abused to death by spammers. Even sites that are known for using short URLs are taking measures to phase them out or prevent users from posting malicious links genreated from these sites."
Three spam botnets – Donbot, Cutwail and Mega-D – are causing most of the havoc, sending up to 21 billion spam messages each day, according to MessageLabs Intelligence, and accounting for 15-20 per cent of all spam globally.
Cutwail was curtailed for a brief time over August 1-2, when Latvian ISP Real Host was taken offline but was restored to previous levels overnight. However, Donbot continues to cause headaches. It accounted for three additional spam runs, one of which is estimated to have made up as much as 9.25 percent of all spam on July 28.
Email spam subjects show that Donbot is focused on pharmacy spam for discount medication.